[Samba] Domain join not happening on Debian/Ubuntu machines
L. van Belle
belle at samba.org
Thu Apr 28 13:59:30 UTC 2022
Hai,
Please reply to the samba-list and add the OS and samba version then you reply.
There are multiple things off here.
/etc/hosts not wrong but can be done better in that setup.
/etc/resolv.conf missing options when using more then 3 DNS servers.
fist server(s), should be the AD DNS servers of the realm you want to join.
I suggest, remove all except the one you need for now.
To start with.
This is failing due bad resolving, as far I can see for now.
Greetz,
Louis
Van:
Sac Isilia
Verzonden:
donderdag 28 april 2022 10:59
Aan:
belle at samba.org
Onderwerp:
Re: [Samba] Domain join not happening on Debian/Ubuntu machines
Hi Belle,
Below are the config details.
--------------
smb.conf
---------------
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[g_orden_compra]"
Processing section "[docs_as400]"
Processing section "[print$]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
dedicated keytab file = /etc/krb5.keytab
dns proxy = No
domain master = No
kerberos method = secrets and keytab
local master = No
log file = /var/log/samba/log.%m
logging = file
max log size = 1000
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword: * %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
realm = AP.MEDIA.GLOBAL.LOC
security = ADS
server string = %h server (Samba, Ubuntu)
syslog = 0
template shell = /bin/bash
unix password sync = Yes
winbind expand groups = 2
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = AP-MEDIA
idmap config * : range = 10000-9999999
idmap config * : backend = autorid
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
[g_orden_compra]
path = /var/www/html/g_orden_compra
read only = No
valid users = digest400
[docs_as400]
path = /var/www/html/docs_as400
read only = No
valid users = digest400
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
---------------------------------
/etc/resolv.conf
----------------------------------
search media.global.loc emea.media.global.loc americas.media.global.loc dmz.local ap.media.global.loc
nameserver 10.76.205.15
nameserver 10.69.129.16
nameserver 10.69.129.61
nameserver 10.69.129.60
nameserver 10.19.26.134
nameserver 10.19.26.135
nameserver 10.19.26.144
nameserver 10.19.26.145
----------------------
/etc/hosts
--------------------------------
127.0.0.1
localhost
127.0.1.1
ubuntu
# The following lines are desirable for IPv6 capable hosts
::1
localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.115.227
nyc03snow01.corp.local
10.76.205.168
cngzh1dnl01.ap.media.global.loc cngzh1dnl01
Regards
Sachin Kumar
On Thu, Apr 28, 2022 at 9:04 AM L. van Belle <
belle at samba.org
> wrote:
Please post your smb.conf and /etc/hosts and /etc/resolv.conf
without it we cant do anything, but giving wild guesses..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba Namens Sac Isilia via samba
> Verzonden: donderdag 28 april 2022 6:53
> Aan: sambalist <
samba at lists.samba.org
>
> Onderwerp: Re: [Samba] Domain join not happening on Debian/Ubuntu
> machines
>
> Hi Team,
>
> We are trying to domain join the Debian/Ubuntu machines via winbind . We
> have attempted to join the RHEL servers in different domain and they were
> successful.
> But while joining the Debian machines we get below error.
>
> root at cngzh1dnl01:~# net ads join -U media\\test_sachin
>
> Enter media\test_sachin's password:
>
> kerberos_kinit_password
test_sachin at AP.MEDIA.GLOBAL.LOC
failed: Client
> not
> found in Kerberos database
>
> *Failed to join domain: failed to connect to AD: Client not found in
> Kerberos database*
>
> root at cngzh1dnl01:~# systemctl restart winbind.service
>
> Job for winbind.service failed because the control process exited with
> error code.
>
> See "systemctl status winbind.service" and "journalctl -xe" for details.
>
> root at cngzh1dnl01:~#
>
>
> The one thing we observed that we are using MEDIA domain to join the
> servers in media and other domains available. This process works fine with
> REDHAT as it joined across multiple domains using MEDIA\test_sachin but
> same was not successful against debian machines.
>
>
> We contacted our AD team but they said that our MEDIA account is resolving
> to
test_sachin at AP.MEDIA.GLOBAL.LOC
and the account is working fine and
> there is issue on the linux side.
>
>
> Can you help us clarify what can be the issue here that the same account
> works fine for REDHAT servers but fails for Debian/Ubuntu and as matter of
> fact for SUSE as well for domains other than MEDIA.
>
>
> Domains LIst
>
> ------------------
>
> media.global.loc
>
> emea.media.global.loc
>
> ap.media.global.loc
>
>
> Regards
>
> Sachin Kumar
>
> On Wed, Apr 27, 2022 at 5:34 PM Sac Isilia <
udaypratap.singh65 at gmail.com
>
> wrote:
>
> > Hi Team,
> >
> > We are trying to domain join the Debian/Ubuntu machines via winbind .
> We
> > have attempted to join the RHEL servers in different domain and they
were
> > successful.
> > But while joining the Debian machines we get below error.
> >
> > root at cngzh1dnl01:~# net ads join -U media\\test_sachin
> >
> > Enter media\test_sachin's password:
> >
> > kerberos_kinit_password
test_sachin at AP.MEDIA.GLOBAL.LOC
failed:
> Client
> > not found in Kerberos database
> >
> > *Failed to join domain: failed to connect to AD: Client not found in
> > Kerberos database*
> >
> > root at cngzh1dnl01:~# systemctl restart winbind.service
> >
> > Job for winbind.service failed because the control process exited with
> > error code.
> >
> > See "systemctl status winbind.service" and "journalctl -xe" for details.
> >
> > root at cngzh1dnl01:~#
> >
> >
> > The one thing we observed that we are using MEDIA domain to join the
> > servers in media and other domains available. This process works fine
with
> > REDHAT as it joined across multiple domains using MEDIA\test_sachin but
> > same was not successful against debian machines.
> >
> >
> > We contacted our AD team but they said that our MEDIA account is
> resolving
> > to
test_sachin at AP.MEDIA.GLOBAL.LOC
and the account is working fine
> and
> > there is issue on the linux side.
> >
> >
> > Can you help us clarify what can be the issue here that the same account
> > works fine for REDHAT servers but fails for Debian/Ubuntu and as matter
of
> > fact for SUSE as well for domains other than MEDIA.
> >
> >
> > Domains LIst
> >
> > ------------------
> >
> > media.global.loc
> >
> > emea.media.global.loc
> >
> > ap.media.global.loc
> >
> >
> > Regards
> >
> > Sachin Kumar
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list